iredmail-doc/html/password.hashes.html

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Password hashes</title>
        <link href="./css/markdown.css" rel="stylesheet"></head>
    </head>
    <body>
    
    <div id="navigation">
        <a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
    
        // <a href="./index.html">Document Index</a>
    </div><h1 id="password-hashes">Password hashes</h1>
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
password schemes supported by Dovecot can be used in iRedMail. Please refer to
Dovecot wiki page
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes"><code>Password Schemes</code></a> for more details.</p>
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
<ul>
<li>Plain text. e.g. <code>123456</code></li>
<li>MD5. (salted. e.g. <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
<li>PLAIN-MD5 (unsalted MD5). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></li>
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
</ul>
<p><strong>NOTE</strong>: Dovecot claims it supports SSHA512, but I didn't get it work.
Please test it first if you choose SSHA512.</p>
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
<ul>
<li>For MySQL and PostgreSQL backends: <code>MD5</code> (salted).</li>
<li>For LDAP backend: <code>SSHA</code>.</li>
</ul>
<h2 id="how-to-use-different-password-hashes-in-iredmail">How to use different password hashes in iRedMail</h2>
<h3 id="for-mysql-and-postgresql-backends">For MySQL and PostgreSQL backends</h3>
<p>All mail users are stored in SQL table <code>vmail.mailbox</code>, user password is stored
in SQL column <code>mailbox.password</code>. For example:</p>
<pre><code>sql&gt; UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql&gt; UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
sql&gt; UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
</code></pre>

<ul>
<li>To store PLAIN-MD5, you have to prepend <code>{PLAIN-MD5}</code> in your password hash:</li>
</ul>
<pre><code>sql&gt; UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
</code></pre>

<ul>
<li>To store plain password, you have to prepend <code>{PLAIN}</code>:
<code>sql&gt; UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';</code></li>
</ul>
<h3 id="for-ldap-backends">For LDAP backends</h3>
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
<ul>
<li>
<p>To store plain password, SSHA, SSHA512 password hash, just store them in
original format. For example:
<code>userPassword: 123456
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></p>
</li>
<li>
<p>To store standard MD5 password (salted MD5 hash), please prepend <code>{CRYPT}</code>
(case insensitive) in your password hash. For example:
<code>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></p>
</li>
</ul>
<p><strong>IMPORTANT NOTE</strong>: If you want to input password hash with phpLDAPadmin,
please choose <code>clear</code> in the password hash list, then input password hash.</p><br /><p style="text-align: center;">If you found something wrong
in this document, please do
<a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p><p style="text-align: center; color: grey;">&copy&copy Creative Commons</p></body></html>